ByteOS Network

tourmaster

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-12400

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-7.1||HIGH

EPSS-0.05% / 15.88%

7 Day CHG~0.00%

Published-30 Jan, 2025 | 06:00

Updated-09 Jun, 2025 | 21:20

Tourmaster < 5.3.5 - Reflected XSS

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Vendor-goodlayers Unknown

Product-tour_master tourmaster

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-11356

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-6.1||MEDIUM

EPSS-0.02% / 4.46%

7 Day CHG~0.00%

Published-06 Jan, 2025 | 06:00

Updated-05 Jun, 2025 | 21:06

Tourmaster < 5.3.4 - Unauthenticated Stored XSS via Room Booking

The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

Vendor-goodlayers Unknown

Product-tour_master tourmaster

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')